CN1156117C - Method, apparatus and communication system for exchanging message in all over environment - Google Patents

Info

Publication number
CN1156117C
Authority
CN
China
Prior art keywords
channel, device, means, communication, via
Application number
CNB991274474A
Other languages
Chinese (zh)
Other versions
CN1262563A (en)
Inventor
里特·赫曼
德克·胡塞曼
Original Assignee
国际商业机器公司
Priority to EP99101457A (published as EP1024626A1)
Application filed by 国际商业机器公司
Publication of CN1262563A
Application granted
Publication of CN1156117C

Classifications

    • H04W12/06 Authentication
    • H04B13/005 Transmission systems in which the medium consists of the human body
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0492 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload by using a location-limited connection, e.g. near-field communication or limited proximity of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using certificates
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or paths for security, e.g. using out of band channels
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/3215 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
    • H04W12/003 Secure pairing of devices, e.g. bootstrapping a secure communication link between pairing terminals; Secure socializing
    • H04L2209/80 Wireless
    • H04L67/14 Network-specific arrangements or communication protocols supporting networked applications for session management
    • H04M1/7253 With means for supporting locally a plurality of applications to increase the functionality provided by interfacing with an external accessory using a two-way short-range wireless interface
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W4/06 Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services
    • H04W76/10 Connection setup

Abstract

The present invention provides a method, an apparatus and a communication system for exchanging information in a networked pervasive environment. With them, an authenticated and secure session can be realized. A first device and at least one remote second device are used for this purpose. A unidirectional wireless communication channel between the first device and the remote second device is activated, and a sequence is sent over this unidirectional wireless communication channel from the first device to the remote second device in order to equip the remote second device with encryption information. An encrypted response, encrypted using that encryption information, is then sent to the first device over a wireless broadcast medium.

Description

Method, apparatus and communication system for exchanging information in a pervasive environment

Technical field

The present invention relates to a method, an apparatus and a communication system for exchanging information in a networked pervasive environment. More particularly, the present invention relates to an initial scheme that allows devices to conduct an authenticated and/or secure session.

Background art

Computers, which were once very large, very rare and quite isolated devices, have become ever smaller and easier to carry. Personal computers and peripherals are small enough to be placed on a desk. Smaller still are portable computers and notebook computers. There are computer terminals small enough to be mounted in a motor vehicle, for example a delivery truck. Smaller still are hand-held terminals, whose typical feature is portability: a user can hold the terminal in one hand and operate it with the other. Physically connecting these devices by cable or optical fiber can have drawbacks, for example structural constraints caused by limited cable length, a limited number of ports on the computer that restricts the number of peripherals that can be connected, and the inconvenience of reconfiguring hardware devices. Note that there are peripheral interface systems in which the limited number of ports on the computer does not limit the number of peripherals. Universal Serial Bus (USB) and IEEE 1394 (FireWire) are examples of peripheral bus systems that can support many devices on a single port. Ethernet is an example of a communication system in which a cable serves as a shared medium (other examples are Token Ring, FDDI (Fiber Distributed Data Interface) and DQDB (Distributed Queue Dual Bus)).

The smaller the devices, the more important it becomes to replace fixed physical connections with wireless ad-hoc connections (for example body networks, radio-frequency connections or infrared connections), because physically connecting computer terminals, peripherals and other devices by cable or optical fiber severely reduces the benefit gained from making the devices smaller. Ad-hoc connections are needed when devices move around, entering one area and leaving another. The term ad-hoc refers to the need for frequent network reorganization.

Local communication has rapidly evolved into so-called personal area networks, which are networks for communication between local peers or subsystems. Such a network is referred to here as a local network. In such a local network, wireless communication is particularly important. Many different, well-known wireless communication methods have been developed and designed for communication between the peers or subsystems of such a local network.

A typical example of a local network is the personal area network (PAN) that arose from the work of two research groups at the Massachusetts Institute of Technology (MIT) Media Lab. Because the human body contains natural salts, it is a good conductor of electric current. PAN technology exploits this conductivity. PAN technology uses a weak electric current to send a user's identity and other information from one person to another, and even to many everyday objects such as cars, public telephones and automated teller machines (ATMs). The information is sent from a microprocessor placed in a PAN transmitter and receiver the size of a thick credit card. Digital data is then sent or received through a weak external electric field. The small signal is conducted by the body's natural salts and carries information unobtrusively through the body. The frequency of the signal is low and its power is low, which ensures that the information encoded for an individual does not extend beyond the body and can only be received by something or someone in contact with it. The information is currently transmitted at a speed equivalent to a 2400 baud modem. Theoretically, using this method, communication speeds of up to 400,000 bits per second can be reached. A PAN is a typical example of an ad-hoc body network that does not need any fixed cables or the like.

PAN technology may have applications in business, medicine, retail and even in the personal sphere. For example, business partners could exchange electronic business cards with a handshake. Corporate security devices could automatically log users into and out of computer systems, and a person with a monthly pass could pay for a subway ride by walking through a turnstile. PAN technology would also allow people to carry medical records stored in digital form, to be accessed by emergency medical personnel in an emergency; calling-card numbers could be sent automatically from a wallet to a pay phone; ATMs and cars could recognize their owners automatically and immediately as they approach. Another field of application is traders, who need to be able to log into and out of a trading platform quickly and reliably to enter purchases and sales. Even household devices such as CD players, televisions and toasters could use PAN technology to recognize and adjust to personal preferences and tastes. PAN networks are usually point-to-point, with the human body used as a kind of broadcast communication medium.

GTE Corporation has developed a short-range radio-frequency (RF) technology intended to give mobile devices such as cellular telephones, pagers and hand-held personal computers (PCs) a convenient way of communicating with another device. GTE's technology is tentatively called Body LAN (local area network). Body LAN was initially developed using a wired undergarment to which various devices were connected (hence the name Body LAN). A few years ago this was upgraded to an RF connection.

Xerox Corporation has developed a hand-held computing device called the PARC TAB. The PARC TAB is portable and connects to office workstations through base stations whose locations are known. PARC TAB base stations are placed around the building and connected to a fixed wired network. The PARC TAB system uses preconfigured building-layout information and the identifiers of the various base stations to determine which base station with the strongest signal it is near. A PARC TAB system assumes that the PARC TAB portable devices are always connected to the network infrastructure. The location of each portable PARC TAB device is known to the system software. The base stations are spaced around the area and are connected to a power supply. The topology of the PARC TAB communication system is a star.

In an effort to standardize data communication between different PC devices, several companies, including Ericsson, IBM, Intel, Nokia and Toshiba, formed the Bluetooth consortium to establish a global standard for interoperable RF-based connections between fixed, portable and mobile devices. Many other companies have adopted the standard. The proposed standard includes architecture and protocol specifications from the physical layer to the application layer. For example, the technology makes it possible, when users enter their own office, to automatically bring application information stored on a mobile device into line with the corresponding information stored on a fixed desktop computer. Because Bluetooth technology seamlessly merges voice and data transmission over wireless, short-range radio frequencies, it allows users to connect easily and quickly to many devices without cables, thereby extending the communication capabilities of mobile computers, mobile phones and other mobile devices. The Bluetooth operating environment has not been fully defined, but it is likely to be similar to the IrDA (Infrared Data Association) specification and the Advanced Infrared (AIr) specification. Other aspects that may be applied to Bluetooth technology may derive from the IEEE 802.11 standard and/or HIPERLAN, which was issued by the European Telecommunications Standards Institute (ETSI).

Bluetooth wireless technology provides a mechanism for forming small private ad-hoc groups of connected devices that are not attached to a fixed network infrastructure. In Bluetooth technology, a master unit is clearly distinguished from the slave units in the same network segment: the master unit is the device whose clock and hopping sequence are used to synchronize all the other devices. In other words, the Bluetooth approach uses a centralized structure. An inquiry-based discovery mechanism is used to discover Bluetooth devices whose addresses are not known in advance. Inquiry is also centralized on a login server. The drawback of such a centralized approach is that there is a central point of failure. Another drawback of such a system is its greater overhead compared with a distributed approach. The main problem of such a system is finding a single login server: what happens if the login server disappears? If two random devices meet, they must first recognize each other's presence, then decide which of them is the login server, and only then carry out their communication. It is this continuous election and re-election of the leader that causes the increased overhead. An alternative is to expect users to carry one device that they always have with them and to make it always the leader. However, this is not a practical option.

The Infrared Data Association (IrDA) is an association of more than 150 companies worldwide whose purpose is to provide infrared standards and specifications to ensure the quality and interoperability of infrared technology. IrDA-D is the infrared data transmission standard; its transmission range can exceed 1 m, and its rate will be upgraded in the near future from 115 kb/s to 4 Mb/s or 16 Mb/s. It supports a wide range of hardware and software platforms. IrDA Data defines a standard for an interoperable, universal, bidirectional cordless infrared data port and is recommended for high-speed, short-range, line-of-sight, point-to-point cordless data transfer. The IrDA Data protocols comprise a set of mandatory protocols and optional protocols. However, the initial specification showed some drawbacks and limited data communication so that only one pair of devices at a time could communicate within the same infrared space. In a collaboration between Hewlett-Packard and IBM, a further specification called Advanced Infrared (AIr) has been developed, which defines the next generation of infrared data communication systems. AIr is recommended for multipoint-to-multipoint interoperation within a room. Range and data rate can vary from 8 m at 250 kb/s to 4 m at 4 Mb/s. It is designed for cordless connections between multiple peripherals and for collaborative applications in conference rooms. For details on IrDA, see the IrDA website http://www.irda.org.

HomeRF (based on the Shared Wireless Access Protocol (SWAP)) is another example of an operating environment that can be used to connect devices. The HomeRF Working Group was formed to provide a basis for interoperation among many consumer devices by establishing an open industry specification for wireless digital communication between PCs and consumer electronic devices in and around the home. The working group, which includes leading companies in the personal computer, consumer electronics, peripherals, communications, software and semiconductor industries, is developing a specification for wireless communication in the home, called SWAP. The HomeRF SWAP system is designed to carry both voice and data traffic and to interoperate with the public switched telephone network (PSTN) and the Internet; it operates in the 2400 MHz band and uses digital frequency-hopping spread-spectrum radio technology. SWAP technology derives from extending existing cordless telephone (DECT) and wireless LAN technology to a new class of home cordless services. It supports time-division multiple access (TDMA) service for delivering interactive voice and other time-critical traffic, and carrier-sense multiple access with collision avoidance (CSMA/CA) service for delivering high-speed packet data. Under the control of a connection point, a SWAP system can operate either as an ad-hoc network or as a managed network.
In an ad-hoc network that supports only data communication, all stations are equal and control of the network is distributed among the stations. For time-critical communication such as interactive voice, the connection point, which provides the gateway to the PSTN, is needed to coordinate the system. Stations use CSMA/CA to communicate with a connection point and with other stations. For further details on HomeRF, see the HomeRF Working Group's website http://www.homerf.org. The entire SWAP specification 1.0 is incorporated here by reference.

Information that is sent is intended only for a particular receiver, not for everyone. Encryption methods are useful and helpful for ensuring secure and authorized communication. A cryptographic system is a system for sending a message from a sender to a receiver over a medium in such a way that the message is 'secure'. This means that only the intended receiver can recover the message. The cryptographic system converts the message, also called plaintext, into an encrypted form called ciphertext. The encryption process is carried out by operating on or transforming the message using one or more encryption keys. The receiver decrypts the message by converting the ciphertext back into plaintext. This is done by performing the inverse of the operation or transformation using one or more encryption keys. Such an encrypted transmission is secure as long as only the sender and the receiver know the key. Several cryptographic systems have been proposed in the past, for example public-key cryptosystems. In a public-key cryptosystem, a private key is always mathematically linked to a public key. Known and already used public-key cryptosystems are, for example, the Diffie-Hellman key agreement protocol, the RSA method or the ElGamal method. R. Cramer and V. Shoup proposed a non-malleable public-key cryptosystem that is provably secure against adaptive chosen ciphertext attack.

Summary of the invention

An object of the present invention is to provide a method for exchanging information between devices in a networked pervasive environment.

Another object of the present invention is to provide a method for identifying computer communication peers.

Another object of the present invention is to provide a method for establishing an authenticated communication session between at least two devices.

Another object of the present invention is to provide a method for establishing a secure communication session between at least two devices, so that privacy is not compromised.

The present invention relates generally to local networks and, more particularly, to the establishment of an authenticated and/or secure communication session. An initial scheme is proposed that allows locally distributed services to establish a session and exchange information through it. Such a session is used for data communication between functional units or devices, and the term "session" refers to all activities that occur during the establishment, maintenance and release of a connection. According to the invention, at least two devices take part in a session conducted in a networked pervasive computing environment.

A first aspect of the present invention provides a method for providing an authenticated communication session between a first device and at least one remote second device, comprising the steps of: activating a unidirectional wireless communication channel between the first device and the remote second device; sending a sequence from the first device to the remote second device over the unidirectional wireless communication channel in order to provide encryption information to the remote second device; and sending an encrypted response, encrypted using the encryption information, over a wireless broadcast medium to the first device.

本发明的第二方面提供一种用于提供与至少一个远程装置的鉴权通信会话的装置,包括:一个初始发送器,用于经过一个单向无线通信信道向所述远程装置发送一个序列;一个接收器,用于经过一个无线广播媒质从所述远程装置接收被加密的信息;以及一个密码系统,提供适合于经过所述单向无线通信信道向所述远程装置进行传送的加密信息,由此所述接收器能够经过所述无线广播媒质接收能够被所述密码系统处理的被加密信息。 A second aspect of the present invention to provide a means for providing at least one authenticated communication session with a remote device, comprising: an initial-transmitter, for wireless communication via a unidirectional transmission channel to a sequence of the remote device; a receiver for a wireless broadcast medium via the remote device receives the encrypted information; and a password system, adapted to provide via said unidirectional wireless communication channel encrypting information transmitted to the remote device, by the this is possible via the receiver receiving said wireless broadcast medium encrypted information which can be the cryptographic processing system.

本发明第三方面提供一种用于提供与至少一个装置的鉴权通信会话的装置,包括:一个初始接收器,用于经过一个单向无线通信信道从所述装置接收一个序列,以获得加密信息;一个密码系统,用于处理所述加密信息;以及一个发送器,用于经过一个无线广播媒质向所述装置发送被加密的信息。 A third aspect of the present invention to provide an apparatus for authenticating a communication session with at least one device is provided, comprising: an initial receiver for via a unidirectional wireless communication channel from said receiving means a sequence to obtain encrypted information; a cryptographic system for processing the encrypted information; and a transmitter for transmitting via a wireless broadcast medium encrypted information to the device.

本发明第四方面提供一种用于提供第一装置与第二装置的鉴权通信会话的通信系统,每一个所述装置均具有用于编码和解码信息的一个密码系统,由此所述第一装置包括一个初始发送器和第一收发器,所述初始发送器用于经过一个单向无线通信信道向所述第二装置发送一个序列,以将加密信息送给所述第二装置,所述第一收发器用于经过一个无线广播媒质在所述第一和第二装置之间进行加密的通信;以及所述第二装置包括一个初始接收器和第二收发器,所述初始接收器用于经过所述单向无线通信信道从所述第一装置接收所述序列,以获得所述加密信息,所述第二收发器用于经过所述无线广播媒质在所述第一和第二装置之间进行加密的通信。 A fourth aspect of the present invention to provide a communication system for providing a communication session authentication first and second devices, each of said devices comprises a cryptographic system for encoding and decoding information, whereby the first a transmitter means comprising an initial and a first transceiver, for the initial transmission via a unidirectional wireless communication channel to transmit a sequence of said second means, to the encrypted information to said second means, said a first transceiver via a wireless broadcast medium is used for encrypted communication between said first and second means; and said second means comprises a receiver and an initial second transceiver, for receiving through said initial said unidirectional wireless communication channel from said first receiving means of the sequence to obtain the encrypted information to the second transceiver via said wireless broadcast medium in between said first and second means encrypted communications.

The basic idea is this: a user wishes to establish, between a first device and a second device, an authorized session that is authorized by that user. The first device is a personal device carried by the user, for example a personal assistant; the second device is, for example, a service device in the user's vicinity. A direct short-range communication link is used to initiate the communication session. Over it, the first device sends encryption information and/or communication parameters to the target device. The target device, i.e. the second device, in turn uses the received information and parameters to establish a wireless broadcast connection to the initiating device, i.e. the first device. A further part of the invention is a key that ensures a secure session and controls the time frame within which the personal device and the service device communicate.

To establish an authenticated session between the user's personal device and a service device, for example a bank terminal, the user points the personal device at the service device, or at least in its direction, and transmits over a unidirectional wireless communication channel, for example an infrared channel, a sequence or initial sequence comprising a password, a public key, a session key, identification parameters and/or communication parameters. On receiving the sequence, the service device responds by sending back, over a wireless broadcast medium, encrypted information that only the personal device can decrypt and use. The response may comprise information, a key, a further session key and communication parameters from the service device for further communication over the wireless broadcast medium. The personal device receives the encrypted information.

For a secure session over the wireless broadcast medium, keys are exchanged. Encrypted communication can then take place over the wireless broadcast medium.

It does not matter which device sends the communication parameters or the session key.

The requirement that the personal device be oriented toward the service device allows an intuitive method of selecting a communication partner. People are used to pointing at things from childhood. Pointing also has the advantage of selecting a communication target unambiguously; for example, with a PAN link the user must physically touch the communication target, and with a laser link a communication partner can be selected visually.

If the two devices share the same wireless broadcast medium and are part of a local network, the following advantage arises: the session that has been initiated can continue even if the user carrying the personal device changes position by walking into another room or onto another floor. This becomes very useful when the personal device downloads large files or communicates with the service device for a long time. An infrared (IR) channel or a radio frequency (RF) channel, in particular an IrDA channel, a HomeRF channel, a Bluetooth channel, a personal area network (PAN) channel, an acoustic channel, or any other channel that allows the user a wide range of movement can serve as the wireless broadcast medium.

For initiating the communication session and for sending an initial sequence that may contain sensitive information, the unidirectional wireless communication channel can ensure that only the target device is able to receive the initial sequence. It is particularly advantageous if a directional channel such as a line-of-sight link can be used, since then no other party can eavesdrop on and receive the initial sequence. Such a channel may be an optical channel, for example an infrared or laser channel, a personal area network (PAN) channel, a directional radio frequency (RF) channel, an inductive channel, a capacitive channel, or any other channel suited to a short-range, directional communication link.

It is advantageous if the service device signals that it has received the sequence from the personal device: the user then gets feedback and knows that the service device is ready for further communication. This can be indicated by an optical and/or acoustic signal given by a lamp, an LED or a loudspeaker.

When the service device listens periodically for a sequence from the personal device, a transmitted sequence can be processed immediately.

If the personal device is connected to the user, for example via a PAN, establishing communication becomes very simple, because the user can then touch the service device in an intuitive way to initiate the unidirectional wireless communication channel through his or her body. No additional card or other item is needed to establish an authenticated session.

If the response and the further communication over the wireless broadcast medium are protected by a cryptosystem, the exchanged information is well hidden and cannot be recovered by others. A suitable system is a public-key system, in which only the public keys are exchanged, once.

A further advantage of the invention, in the case of a wireless unidirectional link, is that no direct contact between the personal device and the service device is required. For example, a bank card, a smart card or any other card in the personal device, or in several personal devices, can itself download or upload information such as e-mail, data or an amount of money from a distance. The card need not be inserted into the device or a reader, which avoids errors, dispenses with a PIN code and saves time.

A secure session begins near, or in front of, a service device and can be carried over longer distances in a secure manner. Service devices can be installed wherever they are needed, for example in banks, offices, warehouses, shopping centres and on the outside of buildings, to name only a few examples. This gives the user greater independence and freedom of movement. For example, a service device can be placed next to a poster advertising a concert. Then a user waiting at a railway station who sees the concert poster can buy and pay for a ticket to the concert. The ticket can be stored electronically on a card or in the personal device and uploaded at the entrance to the concert. The user need not queue at a ticket office and will not forget to buy a ticket.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention is described in more detail below with reference to the following figures.

Figure 1 shows a schematic diagram of an application of the invention in which a user wishes to establish an authenticated session between his personal device and a remote service device.

Figure 2 shows Figure 1 in more detail.

DETAILED DESCRIPTION

For simplicity, the figures are not drawn to scale and the relative proportions are not realistic.

For the purposes of this description, the term networked pervasive computing environment is defined as an environment in which portable information devices and stationary information devices communicate by wireless network technology. Communication between devices in such an environment is based on spatial proximity. The distance at which these devices begin to communicate is small. Thus a session can only begin when the devices are in proximity. Furthermore, the communication relationships that are established are by nature temporary. This means that whenever two devices are in proximity, communication at the physical layer can take place. The user of such a device needs to control the flow of information, especially when it includes sensitive information such as credit card details or authentication data. A related problem is session control, whose mechanisms have already been described.

In the context of the invention, a local network is defined as a network comprising at least two devices within communication range of each other. In such a local network the devices can communicate with one another without a wired network. A local network need not be connected to an access point of a fixed network. It may be completely isolated from any other network, or it may comprise one or more (wired) access points that provide access to a wired network.

The specific range that constitutes a local network according to the invention depends on the actual implementation details. Generally, the coverage of a local network can be described as a few square metres to a few hundred square metres. Under certain conditions the communication range may be larger.

The networking approach of the invention can be used in warehouses, workshops, offices, exchanges, private homes, cars and trucks, aircraft, around buildings and so on, to name only a few examples.

When the term device is used, it means any type of device that can be a member of a local network. Examples of devices are: desktop computers, workpads, nodepads, personal digital assistants (PDAs), notebook computers and other wearable computers, desktop computers, computer terminals, network computers, internet terminals and other computer systems, set-top boxes, cash registers, barcode scanners, point-of-sale terminals, kiosk systems, cellular phones, pagers, watches, digital watches, identity documents, smart cards, and other hand-held and wearable devices. Other devices considered include: headsets, human interface device (HID) compatible peripherals, data and voice access points, cameras, printers, fax machines, keyboards, joysticks, kitchen appliances, tools, sensors such as smoke and/or fire detectors, and virtually any other digital device.

Other examples of wearable computers that can be used with the invention are personal items equipped with computer-like hardware, such as a "smart wallet" computer, jewellery or articles of clothing. Besides a "smart wallet" computer, there are many other forms of wearable computer. A "belt" computer is one variant; it allows the user to surf, dictate and edit documents while moving around. Another example is a children's computer, comparable to a personal digital assistant for primary school children. The children's computer can store homework, perform calculations and help children manage their homework. It can communicate with other children's computers for collaborative work, and it can access a teacher's computer to download assignments or feedback. Any wearable or portable device, any office tool or equipment, home tool or appliance, system used in motor vehicles, or system in public use (vending machines, ticket machines, automated teller machines, etc.) can be used in the context of the invention.

Network topology: the method of the invention can be used in local networks and can support point-to-point and/or point-to-multipoint connections. Several network segments (groups) can be temporarily established and connected together. Network topology lies at a lower level than the subject matter of the invention and is discussed only where necessary. Note that the invention is independent of the network topology and can be used with any type of topology that permits broadcast.

Network technology: the method of the invention can be used with any type of communication technology, for example RF, IR or other optical technology, body networks (e.g. PAN) and the like.

An exemplary embodiment of the invention (first embodiment) is described below with reference to Figures 1 and 2. Figure 1 shows a simple example with a user 7 who wishes to establish an authorized session 8 in order to exchange information between a first device 1 held in the user's hand and a second device 2 located near the user. For the exchange, the user 7 physically points the first device 1 in the direction of the second device 2 to initiate a connection. The first device 1 sends a sequence 5 carrying encryption information to the target device, the second device 2, over a unidirectional wireless communication channel 3. It is advantageous if the unidirectional wireless communication channel 3 is established as a secure, directional line-of-sight link, for example an infrared channel, because then nobody else can eavesdrop on the link. The second device 2, which may be a printer or another person's device, receives the sequence 5 comprising a password, a key, communication parameters or identification parameters and uses the received information to establish the desired authenticated session 8 to the user's first device 1. A wireless broadcast medium 4 is used for this purpose.

Figure 2 refers to Figure 1 and shows the arrangement in more detail. The first device 1 comprises an initial transmitter 10, a first transceiver 11 and a first cryptosystem 15. All these units are connected to a first processing unit 16, which in turn is connected to further units that are not shown for simplicity. The first transceiver 11 has a first broadcast receiver 12 and a first broadcast transmitter 13. The second device 2, on the other hand, comprises an initial receiver 20, a second transceiver 21 and a second cryptosystem 25. All these units of device 2 are connected to a second processing unit 26, which in turn is connected to units for data processing, or even to a network; for simplicity these further units or networks are not shown. The second transceiver 21 has a second broadcast transmitter 22 and a second broadcast receiver 23. The second device 2 further shows a signalling device 30, here an LED. The LED 30 is connected to the central processing unit 26. The task of the two cryptosystems 15, 25 is to encrypt and decrypt information, so as to conceal and protect the information that is exchanged.

To provide authentication, the method of the invention uses a public-key approach. This means that a first party generates a public key from a private key using an encryption algorithm and sends the public key to a second party, or makes it known to other parties. The second party then, for example, encrypts information with the received public key. The encrypted information is sent back over an insecure medium or channel, for example a wireless broadcast medium such as a radio frequency (RF) channel. Only the first party, however, can decrypt the information using its private key.

The initiation method according to the invention works as follows. The user 7 (not shown in Figure 2 for simplicity) uses the initial transmitter 10 to send a sequence 5 comprising an initiating token Tinit from the first device 1 to the second device 2 over the unidirectional wireless communication channel 3, here a directional IR channel. The initiating token Tinit comprises a public key KPpub of the first device 1 and a randomly chosen nonce noncep. Because the initiating token Tinit is sent over the unidirectional wireless communication channel 3, only the intended second device 2 can receive and respond to it. If the second device 2 receives the sequence 5 at its initial receiver 20 and the second processing unit 26 is notified and supplied with the sequence 5, the LED 30 is triggered by the first central processing unit 16 and signals to the user 7 that the second device 2 is ready and that a communication session can begin. The session is under the user's control at all times, meaning that the user can stop it immediately. Normally the second device 2 responds to the received initiating token Tinit by sending a public-key token Tpub from the second broadcast transmitter 22 to the first device 1 as response 6, using the wireless broadcast medium 4, here a radio frequency (RF) channel.
The public-key token Tpub, generated by the second cryptosystem 25, comprises the concatenation of the public key KSpub of the second device 2 and the received nonce noncep; it is encrypted with the public key of the first device 1 that was received in the initiating token Tinit. Finally, the first device 1 receives the response 6 at the first broadcast receiver 12, processes it using the first processing unit 16 and the first cryptosystem 15, and sends a communication sequence 9 comprising a communication-parameter token Tcom using the first broadcast transmitter 13. The communication sequence 9 is also sent over the wireless broadcast medium 4 and is received by the second broadcast receiver 23 of the second device 2. The communication-parameter token Tcom is encrypted with the received public key KSpub of the second device 2.

The exchanged tokens can be written mathematically as follows:

Tinit = KPpub || noncep
Tpub = [KSpub || noncep]KPpub
Tcom = [Com]KSpub

The first cryptosystem 15 provides the initiating token Tinit and the communication-parameter token Tcom, whereas the second cryptosystem 25 provides the public-key token Tpub.

Subsequent communication between the first device 1 and the second device 2 takes place over the wireless broadcast medium 4 using the first transceiver 11 and the second transceiver 21, with the communication parameters specified by the first device 1.

An authenticated session has been described above in a first embodiment. For exchanging sensitive information such as credit card details, however, authentication alone is not enough; a secure, private communication link between the first device 1 and the second device 2 is required. A second embodiment is therefore realized by including in the communication-parameter token Tcom an encryption session key KPsess generated by the first cryptosystem 15 of the first device 1. Every subsequent communication between the two devices is encrypted with the session key KPsess.

A further embodiment is directed at the first and second embodiments described above. Communication between the first device 1, as a personal device, and the second device 2, as a service device, usually takes place in a specific, time-bounded context. To prevent the service device 2 from reusing the initiating token Tinit again and again, an expiry date TinitD is attached to the initiating token Tinit. Both are sent in the initial sequence 5. The personal device 1 responds to the public-key token Tpub only if the expiry date TinitD attached to the initiating token Tinit has not yet passed.

A further embodiment is a variation of the one above. Analogously to the expiry date TinitD, an expiry date TsessD is attached to the session key KPsess generated by the personal or first device 1 and is sent over the wireless broadcast medium 4. The expiry date TsessD gives the responding device 2 a defined response-time limit. Once the limit has passed, nothing further is sent and the session is terminated. This helps save power in the portable device and improves security.
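The three-token exchange (Tinit, Tpub, Tcom) together with the TinitD and TsessD expiry checks of the two later embodiments, as an added Python model that is not the patent's code. It assumes a toy textbook RSA on fixed Mersenne primes as a stand-in for the unspecified cryptosystems 15 and 25, integer-second timestamps, that the personal device verifies the nonce echoed in Tpub, and constructed names (PersonalDevice, ServiceDevice, run_exchange, the parameter string "medium=RF").

```python
import os

CHUNK = 16  # plaintext bytes per toy block; 0x01 marker + 16 bytes stays below every modulus used

# --- toy public-key scheme: constructed stand-in for cryptosystems 15 and 25, not for real use ---
def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two fixed primes (assumption: toy key sizes)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def pk_encrypt(pub, data):
    """Encrypt bytes of any length as a list of blocks, one per 16-byte chunk."""
    n, e = pub
    return [pow(int.from_bytes(b"\x01" + data[i:i + CHUNK], "big"), e, n)
            for i in range(0, len(data), CHUNK)]

def pk_decrypt(priv, blocks):
    """Invert pk_encrypt; the 0x01 marker restores each chunk's exact length."""
    n, d = priv
    return b"".join(pow(c, d, n).to_bytes(CHUNK + 1, "big").lstrip(b"\x00")[1:] for c in blocks)

def encode_pub(pub):  # 36-byte wire form of (n, e); every modulus used here fits in 32 bytes
    return pub[0].to_bytes(32, "big") + pub[1].to_bytes(4, "big")

def decode_pub(raw):
    return int.from_bytes(raw[:32], "big"), int.from_bytes(raw[32:36], "big")

# --- the two parties ---
class PersonalDevice:
    """Device 1: sends Tinit over the one-way channel, answers Tpub with Tcom."""
    def __init__(self, keypair, ttl=30):
        self.pub, self.priv = keypair
        self.ttl = ttl  # lifetime in seconds, used for both TinitD and TsessD (assumption)
        self.nonce = self.tinit_expiry = self.session_key = self.session_expiry = None

    def make_tinit(self, now):
        """Tinit = KPpub || noncep || TinitD, sent in clear over the directional channel."""
        self.nonce, self.tinit_expiry = os.urandom(8), now + self.ttl
        return {"KPpub": encode_pub(self.pub), "noncep": self.nonce, "TinitD": self.tinit_expiry}

    def handle_tpub(self, tpub, now):
        """Check TinitD and the echoed nonce, then build Tcom = [KPsess || TsessD || params]_KSpub."""
        if now >= self.tinit_expiry:  # TinitD has passed: the personal device does not respond
            raise TimeoutError("Tinit expired; ignoring Tpub")
        plain = pk_decrypt(self.priv, tpub)  # only the holder of the private key can open Tpub
        if plain[36:] != self.nonce:  # assumption: the echoed noncep binds Tpub to our own Tinit
            raise ValueError("nonce mismatch; Tpub is not a reply to our Tinit")
        ks_pub = decode_pub(plain[:36])
        self.session_key, self.session_expiry = os.urandom(16), now + self.ttl  # KPsess, TsessD
        com = self.session_key + self.session_expiry.to_bytes(8, "big") + b"medium=RF"
        return pk_encrypt(ks_pub, com)

class ServiceDevice:
    """Device 2: answers Tinit with Tpub over the broadcast medium, learns KPsess from Tcom."""
    def __init__(self, keypair):
        self.pub, self.priv = keypair
        self.led = False
        self.session_key = self.session_expiry = None

    def handle_tinit(self, tinit):
        """Tpub = [KSpub || noncep]_KPpub; the LED tells the user the device is ready."""
        self.led = True
        return pk_encrypt(decode_pub(tinit["KPpub"]), encode_pub(self.pub) + tinit["noncep"])

    def handle_tcom(self, tcom):
        """Open Tcom with the service's private key; returns the communication parameters."""
        com = pk_decrypt(self.priv, tcom)
        self.session_key, self.session_expiry = com[:16], int.from_bytes(com[16:24], "big")
        return com[24:]

    def may_send(self, now):  # nothing more is sent once TsessD has passed
        return self.session_key is not None and now < self.session_expiry

def run_exchange(now, tpub_delay=0):
    """Run the full exchange; tpub_delay models a Tpub that arrives late (e.g. replayed)."""
    personal = PersonalDevice(make_keypair((1 << 61) - 1, (1 << 89) - 1))  # Mersenne primes
    service = ServiceDevice(make_keypair((1 << 107) - 1, (1 << 127) - 1))
    tinit = personal.make_tinit(now)                     # IR / laser / PAN one-way channel 3
    tpub = service.handle_tinit(tinit)                   # RF broadcast medium 4
    tcom = personal.handle_tpub(tpub, now + tpub_delay)  # RF broadcast medium 4
    params = service.handle_tcom(tcom)
    return personal, service, params

def late_tpub_refused(now=1000, delay=30):
    """True if a Tpub arriving once TinitD has passed is refused by the personal device."""
    try:
        run_exchange(now, tpub_delay=delay)
        return False
    except TimeoutError:
        return True

if __name__ == "__main__":
    p, s, params = run_exchange(now=1000)
    print("shared KPsess:", p.session_key == s.session_key, "params:", params, "LED:", s.led)
```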

Transmitting the sequence 5 with the initiating token Tinit to the service device 2 over the wireless communication channel 3 should be under the explicit control of the user 7. Depending on the technology used for the unidirectional wireless communication channel 3, different methods can be used to achieve this. Communication over the unidirectional wireless communication channel 3, hereinafter called the short unidirectional channel 3, is disabled by default. When the unidirectional channel 3 is an optical link from a laser pointer, the following two-stage procedure solves the problem: (1) the user 7 presses a first button to activate the laser and aims it in the desired direction by visually controlling the spot that the laser beam forms on the surface of the intended target; (2) once the user 7 is satisfied that the laser beam is aimed at the target, he or she presses a second button to actually send the sequence 5 with the initiating token Tinit to the target device 2. When the unidirectional channel 3 is based on PAN technology, the following two-stage procedure solves the problem: (1) the user 7 enables the unidirectional channel 3 by pressing a first button; once activated, the unidirectional channel 3 remains active for a limited time δT, during which the user 7 has the opportunity to send the sequence 5 over the directional channel 3 by touching a PAN-enabled surface; (2) the user 7 touches the PAN-enabled surface to actually send the sequence 5 over the unidirectional channel.
Once δT has elapsed, communication over the unidirectional channel 3 is closed immediately, which prevents any further accidental exchange of information.

An extension of the activation procedure is that the user can extend the time limit δT by pressing the first button of the personal device repeatedly.

In addition, the personal device should provide a similar means of closing the unidirectional wireless communication channel 3 immediately.

Any of the disclosed embodiments may be combined with one or more other embodiments shown and/or described. The same applies to one or more features of the invention.

Claims (27)

1. A method for providing an authenticated communication session between a first device (1) and at least one remote second device (2), comprising the steps of: activating a unidirectional wireless communication channel (3) between the first device (1) and the remote second device (2); in order to provide encryption information to the remote second device (2), sending a sequence (5) from the first device (1) to the remote second device (2) via the unidirectional wireless communication channel (3); and sending an encrypted response (6), encrypted using the encryption information, to the first device (1) via a wireless broadcast medium (4).
2. The method of claim 1, wherein the two devices (1, 2) share the wireless broadcast medium (4) and are part of a local network.
3. The method of claim 1, wherein the unidirectional wireless communication channel (3) is an optical channel, a personal area network channel, a directional radio-frequency channel, an inductive channel, or a capacitive channel.
4. The method of claim 1, wherein the unidirectional wireless communication channel (3) is a directional channel.
5. The method of claim 4, wherein the directional unidirectional wireless communication channel (3) is a line-of-sight link.
6. The method of claim 1, wherein an initial transmitter (10) of the first device (1) is arranged so that the unidirectional wireless communication channel (3) is directed at the second device (2).
7. The method of claim 1 or 2, wherein the wireless broadcast medium (4) is an optical channel, an acoustic channel, a radio-frequency channel, a HomeRF channel, a Bluetooth channel, or a personal area network channel.
8. The method of claim 1, wherein the communication range of the unidirectional wireless communication channel (3) can reach several meters, and the communication range of a channel of the wireless broadcast medium (4) is the same as or greater than the communication range of the unidirectional wireless communication channel (3).
9. The method of claim 1, wherein only the remote second device (2) is able to receive the sequence (5).
10. The method of claim 1, wherein the remote second device (2) uses an optical and/or acoustic signal to indicate that the sequence (5) from the first device (1) has been received.
11. The method of claim 1, wherein the remote second device (2) periodically listens for the sequence (5).
12. The method of claim 1, wherein the first device (1) is connected to a user (7), and the user (7) touches the remote second device (2) in order to activate the unidirectional wireless communication channel (3) through the user's body.
13. The method of claim 1, wherein one of the two devices (1, 2) transmits at least one communication parameter and/or a session key.
14. The method of claim 1, wherein the response (6) sent via the wireless broadcast medium (4) is protected using a public key cryptosystem.
15. The method of claim 1, wherein the encryption information comprises a password and/or a public key.
16. An apparatus for providing an authenticated communication session with at least one remote device (2), comprising: an initial transmitter (10) for sending a sequence (5) to the remote device (2) via a unidirectional wireless communication channel (3); a receiver (12) for receiving encrypted information from the remote device (2) via a wireless broadcast medium (4); and a cryptosystem (15) that provides encryption information suitable for transmission to the remote device (2) via the unidirectional wireless communication channel (3), whereby the receiver (12) is able to receive, via the wireless broadcast medium (4), encrypted information that can be processed by the cryptosystem (15).
17. The apparatus of claim 16, further comprising a transmitter (13), the transmitter (13) being able to send encrypted information via the wireless broadcast medium (4).
18. The apparatus of claim 16, wherein the initial transmitter (10) sends the sequence (5) via the unidirectional wireless communication channel (3) with a communication range of several meters.
19. An apparatus for providing an authenticated communication session with at least one device (1), comprising: an initial receiver (20) for receiving a sequence (5) from the device (1) via a unidirectional wireless communication channel (3) in order to obtain encryption information; a cryptosystem (25) for processing the encryption information; and a transmitter (22) for sending encrypted information to the device (1) via a wireless broadcast medium (4).
20. The apparatus of claim 16 or 19, wherein the wireless broadcast medium (4) is an optical channel, an acoustic channel, a radio-frequency channel, a HomeRF channel, a Bluetooth channel, or a personal area network channel.
21. The apparatus of claim 16 or 19, wherein the communication range of the wireless broadcast medium (4) is the same as or greater than the communication range of the unidirectional wireless communication channel (3).
22. The apparatus of claim 19, further comprising a signalling means (30) for indicating, by optical and/or acoustic means, that the sequence (5) has been received.
23. The apparatus of claim 19, wherein the initial receiver (20) periodically listens for the sequence (5).
24. A communication system for providing an authenticated communication session between a first device (1) and a second device (2), each of the devices having a cryptosystem (15, 25) for encoding and decoding information, whereby the first device (1) comprises an initial transmitter (10) and a first transceiver (11), the initial transmitter (10) being for sending a sequence (5) to the second device (2) via a unidirectional wireless communication channel (3) so as to deliver encryption information to the second device (2), and the first transceiver (11) being for encrypted communication between the first and second devices (1, 2) via a wireless broadcast medium (4); and the second device (2) comprises an initial receiver (20) and a second transceiver (21), the initial receiver (20) being for receiving the sequence (5) from the first device (1) via the unidirectional wireless communication channel (3) so as to obtain the encryption information, and the second transceiver (21) being for encrypted communication between the first and second devices (1, 2) via the wireless broadcast medium (4).
25. The communication system of claim 24, wherein one of the two devices (1, 2) is able to send a communication parameter and/or a session key.
26. The communication system of claim 24, wherein the two devices (1, 2) share the wireless broadcast medium (4) and are part of a local network.
27. The communication system of claim 24, wherein the initial transmitter (10) of the first device (1) is adjustable so that the unidirectional wireless communication channel (3) is directed at the second device (2) via a line-of-sight link.
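The following simulation is an added example, not code from the patent or from IBM. It models the exchange of claims 1, 13 and 15 together with the δT window from the description: device 1 pushes a random password (the "encryption information") over a short-range unidirectional channel that is only open for DELTA_T; device 2 answers over a shared broadcast medium with a session key encrypted under that password; a third device on the same medium sees the frame but cannot decrypt it. The channel classes, the SHA-256 counter-mode toy cipher, the `SESSION:` frame layout and the DELTA_T value are all assumptions made for illustration.

```python
# Added example (not from the patent or IBM): stdlib-only model of the
# two-channel authenticated session setup. Device 1 sends a password over a
# unidirectional channel (3) that closes after DELTA_T; device 2 replies over
# the broadcast medium (4) with a session key encrypted under that password.
# Channel classes, the toy cipher, frame layout and DELTA_T are assumptions.
import hashlib
import hmac
import secrets
import struct

DELTA_T = 5.0  # seconds the unidirectional channel stays open (assumed value)


def derive_key(password: bytes, label: bytes) -> bytes:
    """Separate encryption and MAC keys from the out-of-band password."""
    return hmac.new(password, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode: a toy stream cipher, not a standard one."""
    blocks = (hashlib.sha256(key + nonce + struct.pack(">I", i)).digest()
              for i in range(-(-length // 32)))
    return b"".join(blocks)[:length]


def encrypt(password: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; frame layout is nonce(16) || ciphertext || tag(32)."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(derive_key(password, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(derive_key(password, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(password: bytes, frame: bytes):
    """Return the plaintext, or None when the tag fails (wrong password or tampering)."""
    if len(frame) < 48:
        return None
    nonce, ct, tag = frame[:16], frame[16:-32], frame[-32:]
    expected = hmac.new(derive_key(password, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    ks = _keystream(derive_key(password, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


class UnidirectionalChannel:
    """Channel (3): aimed at one device, open only until DELTA_T has elapsed."""
    def __init__(self, clock):
        self.clock = clock          # callable returning the current time
        self.target = None
        self.open_until = -1.0

    def activate(self, target):     # the user's first button press
        self.target = target
        self.open_until = self.clock() + DELTA_T

    def send(self, sequence: bytes) -> bool:
        if self.clock() > self.open_until:
            return False            # window elapsed: nothing leaves the device
        self.target.initial_receive(sequence)
        return True


class BroadcastMedium:
    """Medium (4): every attached device, including bystanders, sees every frame."""
    def __init__(self):
        self.devices = []

    def broadcast(self, frame: bytes):
        for dev in self.devices:
            dev.broadcast_receive(frame)


class Device:
    def __init__(self, medium):
        self.medium = medium
        medium.devices.append(self)
        self.password = None        # set only by the sequence (5)
        self.session_key = None

    def initial_receive(self, sequence: bytes):
        self.password = sequence    # initial receiver (20)

    def broadcast_receive(self, frame: bytes):
        if self.password is None:
            return                  # never received the sequence: cannot decrypt
        pt = decrypt(self.password, frame)
        if pt is not None and pt.startswith(b"SESSION:"):
            self.session_key = pt[len(b"SESSION:"):]

    def respond(self):              # encrypted response (6) carrying a session key
        self.session_key = secrets.token_bytes(16)
        self.medium.broadcast(encrypt(self.password, b"SESSION:" + self.session_key))


def run_pairing(press_delay: float = 0.0):
    """Run the exchange; returns (device1, device2, bystander, delivered)."""
    t = [0.0]
    medium = BroadcastMedium()
    dev1, dev2, bystander = Device(medium), Device(medium), Device(medium)
    channel = UnidirectionalChannel(lambda: t[0])
    channel.activate(dev2)                      # button pressed, aimed at dev2
    t[0] += press_delay                         # time passes before sending
    dev1.password = secrets.token_bytes(16)
    delivered = channel.send(dev1.password)     # sequence (5) over channel (3)
    if delivered:
        dev2.respond()                          # response (6) over medium (4)
    return dev1, dev2, bystander, delivered
```

Calling `run_pairing()` ends with devices 1 and 2 holding the same session key while the bystander, which saw the same frame on the broadcast medium, holds none; calling it with a `press_delay` larger than `DELTA_T` delivers nothing, which is the accidental-exchange protection the description attributes to the time window. The point of the split is that confidentiality of the broadcast leg rests entirely on who could physically receive the sequence, so the short range and directionality of channel (3) are the security boundary. A deployment would replace the toy cipher with a standard AEAD and, as claim 14 suggests, could send a public key instead of a password so that the sequence itself need not stay secret.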
CNB991274474A 1999-01-27 1999-12-30 Method, apparatus and communication system for exchanging message in all over environment CN1156117C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP99101457A EP1024626A1 (en) 1999-01-27 1999-01-27 Method, apparatus, and communication system for exchange of information in pervasive environments

Publications (2)

Publication Number Publication Date
CN1262563A CN1262563A (en) 2000-08-09
CN1156117C true CN1156117C (en) 2004-06-30

Family

ID=8237423

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB991274474A CN1156117C (en) 1999-01-27 1999-12-30 Method, apparatus and communication system for exchanging message in all over environment

Country Status (4)

Country Link
EP (1) EP1024626A1 (en)
JP (1) JP2000224156A (en)
CN (1) CN1156117C (en)
CA (1) CA2296223C (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101842780B (en) 2007-10-30 2012-10-03 索尼公司 Wireless control channel and back-channel for receiver

Families Citing this family (100)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7346374B2 (en) 1999-05-26 2008-03-18 Johnson Controls Technology Company Wireless communications system and method
WO2000072463A2 (en) 1999-05-26 2000-11-30 Johnson Controls Interiors Technology Corp. Wireless communications system and method
US6993134B1 (en) * 1999-08-09 2006-01-31 Koninklijke Philips Electronics N.V. Key exchange via a portable remote control device
EP1132839B1 (en) * 1999-09-16 2012-04-04 Panasonic Corporation Communication terminal
GB9927372D0 (en) 1999-11-20 2000-01-19 Ncr Int Inc Self-service terminal
GB2364457B (en) * 2000-07-03 2003-08-06 John Quentin Phillipps Wireless communication
US7310158B2 (en) * 2000-09-01 2007-12-18 Canon Kabushiki Kaisha Communication apparatus capable of communication with other apparatuses through wireless communication, communication system having the same communication apparatus, and method for controlling the same
AUPQ987100A0 (en) * 2000-09-04 2000-09-28 Monash University A wireless distributed authentication system
EP1193957A1 (en) * 2000-09-29 2002-04-03 Abb Research Ltd. System, device and method for sending electronic messages
JP2002124960A (en) * 2000-10-16 2002-04-26 Link Evolution Corp Communication device, communication system, and communication method
JP4816701B2 (en) * 2000-10-24 2011-11-16 ソニー株式会社 Information processing device
JP4868195B2 (en) 2000-10-24 2012-02-01 ソニー株式会社 Electronic apparatus and information processing apparatus
DE60039890D1 (en) * 2000-11-17 2008-09-25 Sony Deutschland Gmbh Information transmission via an ad hoc network
GB0028475D0 (en) 2000-11-22 2001-01-10 Ncr Int Inc Module
CN1507709A (en) * 2000-12-21 2004-06-23 松下电器产业株式会社 Radio system, radio device, radio connection method, program, and medium
FI110560B (en) * 2000-12-27 2003-02-14 Nokia Corp Grouping of wireless communication terminals
WO2002056536A1 (en) * 2001-01-09 2002-07-18 Telefonaktiebolaget Lm Ericsson Method and system for bonding two bluetooth devices
FR2820266B1 (en) * 2001-01-26 2003-05-30 Gemplus Card Int Device and method for secure automatic pairing of devices in a radio frequency network
US20020123325A1 (en) * 2001-03-01 2002-09-05 Cooper Gerald M. Method and apparatus for increasing the security of wireless data services
JP2002269663A (en) * 2001-03-13 2002-09-20 Denso Corp Security system for vehicle
WO2002075962A1 (en) * 2001-03-16 2002-09-26 Mitsubishi Denki Kabushiki Kaisha Personal digital assistant, wireless communication system, and method of establishing link
DE60236480D1 (en) 2001-03-29 2010-07-08 Panasonic Corp Image reader
US7120667B2 (en) 2001-10-30 2006-10-10 Hewlett-Packard Development Company, L.P. Method and system for ad hoc networking of computer users
JP3915481B2 (en) 2001-11-14 2007-05-16 セイコーエプソン株式会社 Wireless communication device
JP3937820B2 (en) 2001-11-27 2007-06-27 セイコーエプソン株式会社 Wireless network adapter
JP4005348B2 (en) 2001-12-12 2007-11-07 富士通テン株式会社 Wireless terminal
US7966497B2 (en) 2002-02-15 2011-06-21 Qualcomm Incorporated System and method for acoustic two factor authentication
US7487362B2 (en) * 2002-02-15 2009-02-03 Qualcomm, Inc. Digital authentication over acoustic channel
WO2003061205A1 (en) * 2002-01-10 2003-07-24 Fujitsu Limited Shor-distance wireless communication system using mobile terminal and wireless communication device therefor
US7937089B2 (en) 2002-02-06 2011-05-03 Palo Alto Research Center Incorporated Method, apparatus, and program product for provisioning secure wireless sensors
US20030149874A1 (en) 2002-02-06 2003-08-07 Xerox Corporation Systems and methods for authenticating communications in a network medium
US7477743B2 (en) * 2002-02-07 2009-01-13 Nokia Corporation Hybrid network encrypt/decrypt scheme
US6880079B2 (en) 2002-04-25 2005-04-12 Vasco Data Security, Inc. Methods and systems for secure transmission of information using a mobile device
US7401224B2 (en) 2002-05-15 2008-07-15 Qualcomm Incorporated System and method for managing sonic token verifiers
EP1523830A2 (en) * 2002-07-15 2005-04-20 Philips Electronics N.V. Method and system for communicating wirelessly between devices by means of an attachable transceiver
EP1527587A1 (en) * 2002-07-29 2005-05-04 Philips Electronics N.V. Security system for apparatuses in a network
EP1538782A1 (en) * 2002-07-29 2005-06-08 Fuji Photo Film Co., Ltd. Wireless communication apparatus and imaging apparatus
DE10254747A1 (en) * 2002-07-29 2004-02-19 Philips Intellectual Property & Standards Gmbh Security system for wireless network devices
AU2003251076A1 (en) * 2002-07-29 2004-02-23 Koninklijke Philips Electronics N.V. Security system for apparatuses in a wireless network
US7581096B2 (en) 2002-08-30 2009-08-25 Xerox Corporation Method, apparatus, and program product for automatically provisioning secure network elements
US7185199B2 (en) 2002-08-30 2007-02-27 Xerox Corporation Apparatus and methods for providing secured communication
US7027836B2 (en) 2002-09-10 2006-04-11 Eastman Kodak Company Method and system for establishing a communication network
US7392375B2 (en) 2002-09-18 2008-06-24 Colligo Networks, Inc. Peer-to-peer authentication for real-time collaboration
US7412229B2 (en) * 2002-10-02 2008-08-12 Nippon Telephone And Telegraph Corporation Sales apparatus and method of transmitting and receiving merchandise information by electric field induced in human body
US6934535B2 (en) * 2002-12-02 2005-08-23 Nokia Corporation Privacy protection in a server
KR20030043879A (en) * 2003-05-13 2003-06-02 권순태 Electronic commerce system and method using terminal identification code, digital camera and goods identification code
EP1487224A1 (en) * 2003-06-11 2004-12-15 Sony France S.A. Wireless communication system and method for facilitating wireless communication
US7454619B2 (en) 2003-06-24 2008-11-18 Palo Alto Research Center Incorporated Method, apparatus, and program product for securely presenting situation information
CA2533030C (en) 2003-07-16 2010-05-25 Skype Limited Peer-to-peer telephone system
FR2860668B1 (en) * 2003-10-06 2006-01-06 Valeo Securite Habitacle Current baudge identification system circulating through the body to two detection modes
KR100617671B1 (en) * 2003-12-22 2006-08-28 삼성전자주식회사 High-speed wireless lan system
JP2005197880A (en) * 2004-01-05 2005-07-21 Nec Corp Information distribution system, information distribution method, mobile, server, and information distribution terminal
JP2005303947A (en) * 2004-04-16 2005-10-27 Matsushita Electric Ind Co Ltd Radio communication apparatus and radio communication method
JP4042723B2 (en) 2004-06-01 2008-02-06 ソニー株式会社 Communication system, terminal, and communication method
US7552322B2 (en) * 2004-06-24 2009-06-23 Palo Alto Research Center Incorporated Using a portable security token to facilitate public key certification for devices in a network
JP4670270B2 (en) * 2004-06-28 2011-04-13 ソニー株式会社 Communication system and communication apparatus
JP2006180110A (en) 2004-12-21 2006-07-06 Nec Corp Data transmission system, data transmission method, data transmission server, data receiving terminal and data transmitting program
US20060195695A1 (en) * 2005-02-25 2006-08-31 John Keys Techniques for verification of electronic device pairing
US20060205449A1 (en) 2005-03-08 2006-09-14 Broadcom Corporation Mechanism for improved interoperability when content protection is used with an audio stream
US7577459B2 (en) * 2005-05-11 2009-08-18 Nokia Corporation Establishing a communication link
JP2006332903A (en) * 2005-05-24 2006-12-07 Ntt Docomo Inc Key acquisition apparatus, key providing apparatus, key exchange system, and key exchange method
GB2427101B (en) * 2005-06-10 2008-04-02 Motorola Inc Communication terminal, system and a method for establishing a communication link
GB2427336B (en) * 2005-06-16 2010-01-20 Hewlett Packard Development Co Secure transaction method and transaction terminal for use in implementing such method
US9191198B2 (en) 2005-06-16 2015-11-17 Hewlett-Packard Development Company, L.P. Method and device using one-time pad data
US7916869B2 (en) 2005-09-01 2011-03-29 Sharp Laboratories Of America, Inc. System and method for automatic setup of a network device with secure network transmission of setup parameters using a standard remote control
US7609837B2 (en) 2005-09-01 2009-10-27 Sharp Laboratories Of America, Inc. System and method for automatic setup of a network device with secure network transmission of setup parameters
DE102005045118B4 (en) * 2005-09-21 2007-08-23 Siemens Ag Registration procedure between participants of a communication system and participants
TW200727609A (en) * 2005-09-27 2007-07-16 Kaba Ag A method and system for the transmission of identification signals
EP1980065B1 (en) 2006-01-18 2017-05-24 Koninklijke Philips N.V. Automatic and secure configuration of wireless medical networks
CN101389265B (en) 2006-02-24 2011-01-26 皇家飞利浦电子股份有限公司 Wireless body sensor network
JP4969644B2 (en) 2006-05-08 2012-07-04 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ Method and data transmission system for transmitting application data from first device to second device
WO2008015591A1 (en) * 2006-07-31 2008-02-07 Koninklijke Philips Electronics N.V. Method and system for establihing and controlling communication between two communication devices
WO2008015627A1 (en) * 2006-07-31 2008-02-07 Koninklijke Philips Electronics N.V. Method and system for configuring a network and network management device
US7831043B2 (en) 2006-08-27 2010-11-09 International Business Machines Corporation System and method for cryptographically authenticating data items
WO2009082378A2 (en) 2006-10-11 2009-07-02 Johnson Controls Technology Company Wireless network selection
US8160494B2 (en) 2007-01-17 2012-04-17 Research In Motion Limited Methods and apparatus for use in switching user account data and operations between two different mobile communication devices
EP1947812B1 (en) * 2007-01-17 2016-10-19 BlackBerry Limited Methods and apparatus for use in switching user account data and operations between two different mobile communication devices
CN101647228B (en) 2007-04-05 2012-08-29 国际商业机器公司 System and method for distribution of credentials
EP1981183A3 (en) * 2007-04-09 2008-11-05 Ajang Bahar Devices, systems and methods for ad hoc wireless communication
US7734181B2 (en) 2007-04-09 2010-06-08 Ajang Bahar Devices, systems and methods for ad hoc wireless communication
JP2008270870A (en) * 2007-04-16 2008-11-06 Sony Corp Communications system, communications apparatus and method, and computer program
US8068607B2 (en) * 2007-07-31 2011-11-29 Ricoh Company, Limited Information processing apparatus and information processing method
US20090233548A1 (en) * 2008-03-13 2009-09-17 Sony Ericsson Mobile Communications Ab Skin-based information transfer between mobile devices
JP2009260554A (en) * 2008-04-15 2009-11-05 Sony Corp Content transmission system, communication device, and content transmission method
JP4894826B2 (en) 2008-07-14 2012-03-14 ソニー株式会社 Communication device, communication system, notification method, and program
US8806609B2 (en) 2011-03-08 2014-08-12 Cisco Technology, Inc. Security for remote access VPN
EP2523417A1 (en) * 2011-05-09 2012-11-14 Kamstrup A/S Paring of devices using an encryption key
CN102957529B (en) * 2011-08-29 2018-02-09 国民技术股份有限公司 Radio frequency safety communication means and system, magnetic communication radio frequency reception/transmission terminal
AT512075A1 (en) * 2011-10-18 2013-05-15 Evva Sicherheitstechnologie Method of access control
FR2981823B1 (en) * 2011-10-25 2013-12-27 Continental Automotive France Method for authenticating an identification device against an actuator device, and a motor vehicle comprising such an actuator device
JP6195344B2 (en) 2012-06-08 2017-09-13 キヤノン株式会社 X-ray imaging system, control method of X-ray imaging system, and program
EP2747040A1 (en) * 2012-12-21 2014-06-25 Gemalto SA Converting communication device
US9307374B2 (en) 2013-06-19 2016-04-05 Globalfoundries Inc. Transferring information on a first mobile computing device to a peer mobile computing device
KR101499894B1 (en) * 2013-11-15 2015-03-06 한국전력기술 주식회사 Unidirectional Data Transfer Device over Ethernet Network
US9332377B2 (en) 2013-12-05 2016-05-03 Sony Corporation Device and method for control of data transfer in local area network
EP3078135B1 (en) 2013-12-05 2019-12-11 Sony Corporation Pairing consumer electronic devices using a cross-body communications protocol
EP3078157A1 (en) 2013-12-05 2016-10-12 Sony Corporation A wearable device and a method for storing credentials associated with an electronic device in said wearable device
US9351100B2 (en) 2013-12-05 2016-05-24 Sony Corporation Device for control of data transfer in local area network
US9842329B2 (en) 2015-02-13 2017-12-12 Sony Corporation Body area network for secure payment
US20170243408A1 (en) * 2016-02-18 2017-08-24 Ford Global Technologies, Llc Method and apparatus for enhanced telematics security through secondary channel

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2254225A (en) * 1991-03-05 1992-09-30 Nat Semiconductor Corp Cordless telephone security coding
EP0756397B1 (en) * 1995-07-28 2003-06-25 Agilent Technologies, Inc. (a Delaware corporation) System and method for key distribution and authentication between a host and a portable device
US5796827A (en) * 1996-11-14 1998-08-18 International Business Machines Corporation System and method for near-field human-body coupling for encrypted communication with identification cards

Also Published As

Publication number Publication date
CA2296223A1 (en) 2000-07-27
CN1262563A (en) 2000-08-09
KR20000057751A (en) 2000-09-25
CA2296223C (en) 2008-08-12
EP1024626A1 (en) 2000-08-02
JP2000224156A (en) 2000-08-11

Legal Events

Date Code Title Description
C10 Entry into substantive examination
C06 Publication
C14 Grant of patent or utility model
C17 Cessation of patent right